Hi,
I have been using the `esp_crt_bundle_attach` so far to use the embedded ca bundle. But I am now working on gsm module to be used as fallback and need to transfer the ca bundle to the module over serial. Is it possible to access the embedded bundle ?
How to access the embedded ca bundle.
-
NotMyRealName
- Posts: 40
- Joined: Thu Feb 13, 2020 1:35 am
Re: How to access the embedded ca bundle.
Might not be helpful, as not a direct answer, but if you use the module in PPPos mode you can keep the TLS stack and certs all centralized in ESP firmware and don't have to worry about sending/duplicating certs in the GSM module.
There is an example for this in the IDF, but I personally had to adapt it a bit to suit our application/module.
Downside of this is you can't send AT commands while in PPP mode so I guess I'll be looking at developing a CMUX implementation next!
There is an example for this in the IDF, but I personally had to adapt it a bit to suit our application/module.
Downside of this is you can't send AT commands while in PPP mode so I guess I'll be looking at developing a CMUX implementation next!
Re: How to access the embedded ca bundle.
NotMyRealName wrote: ↑Mon Mar 07, 2022 11:09 pmMight not be helpful, as not a direct answer, but if you use the module in PPPos mode you can keep the TLS stack and certs all centralized in ESP firmware and don't have to worry about sending/duplicating certs in the GSM module.
There is an example for this in the IDF, but I personally had to adapt it a bit to suit our application/module.
Downside of this is you can't send AT commands while in PPP mode so I guess I'll be looking at developing a CMUX implementation next!
Hi, thanks for that suggestion. I tried the example at `https://github.com/espressif/esp-protoc ... pos_client` and while I was able to connect to the module and get an IP, but unable to connect to the server because of seemingly some problem with DNS. Is this something you came across ? I'm using IDF v4.4.
E (39055) esp-tls: couldn't get hostname for :example.com: getaddrinfo() returns 202, addrinfo=0x0
E (39055) esp-tls: Failed to open new connection
E (39056) TRANSPORT_BASE: Failed to open a new connection
E (39056) MQTT_CLIENT: Error transport connect
I (39057) MQTT: MQTT_EVENT_ERROR
E (39057) MQTT: Last error reported from esp-tls: 0x8001
-
NotMyRealName
- Posts: 40
- Joined: Thu Feb 13, 2020 1:35 am
Re: How to access the embedded ca bundle.
I had to do some tweaking and I am using Telit modules rather than BG96/SIM800.
It is not yet in a production build, but not far off and it runs well in prototype testing. Has a few annoying things like trying to figure out which connection something like the MQTT client is using if both Wi-Fi and Cell are up. I've been using v4.3 and v4.4.
Is that log output verbatim? Or did you put example.com in there before posting it for privacy etc.? If not I'd hazard a guess you need to go through the example config menu or something to set that up.
Failing that, you could check the APN is correct for your carrier/SIM?
It is not yet in a production build, but not far off and it runs well in prototype testing. Has a few annoying things like trying to figure out which connection something like the MQTT client is using if both Wi-Fi and Cell are up. I've been using v4.3 and v4.4.
Is that log output verbatim? Or did you put example.com in there before posting it for privacy etc.? If not I'd hazard a guess you need to go through the example config menu or something to set that up.
Failing that, you could check the APN is correct for your carrier/SIM?
Re: How to access the embedded ca bundle.
1) How the mqtt config looks like?user91829 wrote: ↑Thu Mar 10, 2022 6:16 pmHi, thanks for that suggestion. I tried the example at `https://github.com/espressif/esp-protoc ... pos_client` and while I was able to connect to the module and get an IP, but unable to connect to the server because of seemingly some problem with DNS. Is this something you came across ? I'm using IDF v4.4.
E (39055) esp-tls: couldn't get hostname for :example.com: getaddrinfo() returns 202, addrinfo=0x0
E (39055) esp-tls: Failed to open new connection
E (39056) TRANSPORT_BASE: Failed to open a new connection
E (39056) MQTT_CLIENT: Error transport connect
I (39057) MQTT: MQTT_EVENT_ERROR
E (39057) MQTT: Last error reported from esp-tls: 0x8001
2) I had issue with using URL in mqtt connect (issue due to short of memory), so i have workaround and i am resolving IP first with dns_gethostbyname and then i am using IP in mqtt config
Re: How to access the embedded ca bundle.
I haven't checked the differences yet, but I found a different example at https://github.com/espressif/esp-idf/tr ... pos_client which works. Thanks again. This is more seamless than what I was planning upon.
-
NotMyRealName
- Posts: 40
- Joined: Thu Feb 13, 2020 1:35 am
Re: How to access the embedded ca bundle.
I realize you have moved on to a cleaner solution, but in case anyone is interested, I just stumbled across a possible solution for the original question while looking at something else.
Haven't bothered to check if there is a more refined way to get the bundle, but you probably can access it by copying these lines:
Look at file: "components\mbedtls\esp_crt_bundle\esp_cert_bundle.c"
Haven't bothered to check if there is a more refined way to get the bundle, but you probably can access it by copying these lines:
Code: Select all
extern const uint8_t x509_crt_imported_bundle_bin_start[] asm("_binary_x509_crt_bundle_start");
extern const uint8_t x509_crt_imported_bundle_bin_end[] asm("_binary_x509_crt_bundle_end");Who is online
Users browsing this forum: No registered users and 104 guests